 Hi, this is your host, Bill Bhartian. Today, we have with us once again, William Morgan, CEO of Point. William, it's great to have you on the show again. Great to be back. LinkerD 2.9 has been released. Tell us what's new there. Yeah, so this is a very big release for us. There's a couple of exciting features here. The biggest one is probably around mutual TLS for all TCP connections. So LinkerD has had mutual TLS for HTTP and for GRPC traffic for a couple of versions now. But in the 2.9 release, we've extended that so that any TCP connection between meshed endpoints can now be MTLSed. And in fact, we do it in the same way we were doing it before, where it's zero config and it's turned on by default. So the moment that you add LinkerD onto either side, you get all the benefits of confidentiality and authenticity. All the certificate rotation stuff is happening and identity is tied to Kubernetes service accounts. Kind of everything that you would want to have a kind of one-stop shop for making a pretty big step towards zero trust. You have also added support for ARM. Talk about that. Yeah, that's right, that's right. So as of 2.9, LinkerD can now run on your Raspberry Pi, if you want, or you can run on AWS's Graviton ARM processors. So it's pretty exciting. The other thing that we've added is on the proxy side. So LinkerD runs a proxy called simply LinkerD2 proxy. Super small, super lightweight, written in Rust. And as of 2.9, we have extended that to multi-core support. So an individual proxy, it's not only faster and smaller than where we were in 2.8. But it can now scale out to multiple cores. So if your pod has a whole lot of traffic, it should be fine. You're also kind of bragging about the blazing fast speed and ultra low memory footprint as compared to Istio. How does it matter? And what work did you do to make it more efficient? Yeah, so a lot of this comes down to the fact that we use this very kind of tailor-made proxy. And by tailor-made, I mean it is designed for the sidecar service mesh use case specifically. Of course, it's 100% open source. It's part of the CNTF project. It has regular security audits. It's written in Rust. We're doing everything to make this an extremely stable foundation. But really, the trick is, because we are designing it for this specific use case, we can shed a lot of the complexity. We can shed a lot of the overhead, because all we have to do is satisfy the sidecar service mesh use case. And that's a primary reason why LinkerD is so much faster and consumes fewer resources than other options. What traction have you seen for LinkerD, especially after Google's announcement or Google's decision to not put Istio into CNTF? Yeah, it's hard to know how much of a difference that made directly for LinkerD. Certainly, there are people who have told us, oh, this is the reason why we're adopting LinkerD. It's really important for us to be part of the CNTF ecosystem. We're building our entire stack on top of CNTF projects. But I don't know whether that's the reason why people come to LinkerD, especially from Istio, is because it's smaller and faster primarily. And actually, the thing that I think really drives people is it's simpler. It's very, I wouldn't say it's very simple overall, but it's about as simple as a service mesh can be. So how that stacks up, how the CNTF aspect stacks up, a little unclear to me. But certainly, it hasn't harmed anything. I mean, the fact is that people don't choose a project based on where it is hosted. A lot of people are hosting Apache and all that. They choose a project that scratches their edge or it helps them. So you're absolutely right about that. But it does play a big role because they get that confidence that putting all their x in a basket and who owns that basket. But you're absolutely right that at this point, you cannot have that metric there. But one more thing that I want to ask you is that we talked about it last time also. But can you talk about the release cadence of LinkerD? Number one, number two is because of this change landscape because of the pandemic. Even if companies' plans have not changed, they have accelerated adoption, digital transformation, or cloud native journey. So how does that affect LinkerD? Yeah, that's definitely resulted in a big increase in adoption. One of my favorite stories here is HEB, which is a big Texas grocery store adopted LinkerD as a way of expediting their rollout of curbside pickup and delivery because of COVID-19. Suddenly, this was a really important thing for how people could get their groceries without having to go into the store. So they use LinkerD, they have a really nice talk that they're putting together for KubeCon about this. So I think that's a great example of COVID-19, of course, being this terrible pandemic, but technology companies doing their best to respond to it and LinkerD, I'm proud to say, being a part of that. In the beginning, you kind of emphasized on security, zero trust with the release. How important is security? Once again, I'm going back to the pandemic is for companies, which also helps because you guys also kind of specialize in that area as well. Yeah, security is not really important. It's something you can always do later. No one really cares too much about it. No, I'm kidding. Of course, security is vital. Like it's even more vital now that we're putting our workloads in the cloud and in someone else's hardware and someone else's network. And the expectations that we place on our software are only increasing, right? We expect to ship features very, very rapidly and to update the code base on a very rapid basis. So everything that we're doing in LinkerD is very, very focused on security, both from kind of the data plane implementation details. We're writing it in Rust because that avoids us, avoids a whole class of CVEs and vulnerabilities that are kind of endemic to C or C++ code all the way up to kind of the simplicity of the design. LinkerD is known for being extremely simple and a big part of that is because the more complexity you make something, the more room you leave for human error and that's when security issues happen, right? It's not that someone cracks the encryption algorithm, that's not a very common occurrence but someone misconfiguring something or something just being so complex that I don't even want to set it up right now, that's where things go south. And also, there are so many things, I mean, if I look at Kubernetes and the kind of architecture we're looking at, things are complicated and the fact is that we can very easily beat complex index but the fact, it could fix, but the fact is that everybody cares about security but the thing is, sometimes it becomes so complicated that you respect how much they want. So how do you make it easier for them so that when they look at security, oh my God, I don't want to touch that versus it doesn't really matter, you know, you're making it so easier for them so that they make it part of their pipeline. Yeah, yeah, so I think there's two big tools. You know, one is just having things on by default, right? So like that's a big advantage of LinkerD's MTLS implementation. We turn it on by default, we make it zero config. So let me install it, you have improved things, right? Like that's a huge part as opposed to setting up a bunch of YAML and then having to get the TLS certs and like certain management is such a huge nightmare. We try and make it as easy as when your web browser, you know, you connect to Reddit and you're looking at cat pictures, right? You get that green lock icon, right? It should, and you don't have to do any work to do that. It should be just as easy as that. So that's one aspect. The other aspect I think is in the inspectability or the introspectability aspect, which is you as the operator need to understand what the mesh is doing. You need to know, you know, which parts are healthy. If there's something unhealthy, then you need to know about it. And so we give you as much as possible in LinkerD, we give you the tools so that you at all times have a model of what's happening, right? This is what simplicity means. It's not that something is really easy and you don't have to think about it. It's that you can understand it and then it's every component is clear and that the sequence of events is clear. So there is visibility as well as transparency where you can clearly see what's going on there. And you have a mental model where you understand what's happening and then when something violates that model, then you know, okay, that's weird, right? That's, you know, this is like, it's basically don't have magic in there. Make it clear what's happening. And it's also held with repeatability because once things are visible to you, you do know what happened, how it happened. It's easy to repeat that as well. Yeah, and unfortunately that's just not, it doesn't seem to be very common in the cloud native space. I think everyone's so excited about building platforms. Everyone's so excited about, you know, adding all these features and being able to do everything that complexity just creeps in. And you can't, you know, just like you can't add security later on, you can't add simplicity, right? Like that has to be done from the very beginning. Anything else in the context of this release? You know, the only other thing I'll point out is support for service topologies, which is a cool Kubernetes feature that allows you to specify kind of the, you know, that allows you to kind of hint or inform LinkerD that, hey, these requests, you should try and keep them on the same node or these requests should try and keep on the same zone. So you have ways of both kind of reducing latency and reducing potentially costs as well. So that was a cool feature that we got in, you know, in the 2.9. William, thank you once again for taking time out and talking about LinkerD 2.9. And I look forward to talk to you again. So, but before we wrap this up, will there be more releases or we are looking for the major 3.0 release? I know you may or may not be able to talk more about it, but it's an open source project, right? Everything is public. Right, everything is up in the GitHub, you know, and so you're welcome to browse around, but, you know, kind of our expectations right now is, yes, there's gonna be a couple, you know, a couple more releases. We're always gonna keep releasing. So 2.10, you know, which we're looking at, it's probably gonna be around kind of reducing the size of the control plane, even further making it more modular and simpler. And then 2.11, we're probably looking at things like policy. So enforcing, you know, is A, allowed to talk to B? So, and 2.12 and so on, there's a long roadmap of mesh expansion and all sorts of fun stuff. So a lot of LinkerD in the future. Awesome, thank you, Morgan. And as I said, I look forward to talking to you again. Thank you. You're welcome. Thank you.